PyPI hackers code sneaky new tactic. Researchers caught ’em red handed
Python Package Index (PyPI) attackers used compiled code to evade detection. It’s possibly the first attack to take advantage of .PYC file direct execution — but likely not the last ...
‘Extinction risk’: Could code-writing AI wipe out humans via software backdoors?
Industry luminaries are warning of near-imminent doom unless AI is tamed. Given that today’s generative AI models are writing semi-decent code, shouldn’t we worry we’re preparing the ground for Skynet? ...
PyPI paused as automated attack overwhelms admins
PyPI came under attack from bots at the weekend. Bad actors were trying to submit malicious packages with names similar to established dependencies ...
Red teamers take on AI at DEF CON 31
At this year’s DEF CON, large language models (LLMs) come under scrutiny. Infosec researchers can compete to find vulnerabilities in the new generation of generative AIs ...
SolarWinds hack: Did DoJ know 6 months earlier?
What did the U.S. Justice Department know about the SolarWinds fiasco? How early did it find out? And who did it tell? ...
#RSAC is bustling — and AI + security is huge: #StrongerTogether?
At RSA Conference 2023, you can’t move for artificial intelligence chatter. How will it help us meet the software supply chain security challenge? And how will it help bad actors find vulnerabilities? ...
EU cyber laws ‘will’ make FOSS devs liable
European lawmakers want all software makers to be liable for security holes. Even non-profit or hobbyist developers could be sued for negligence ...
With Twitter code in the wild, DevSecOps doubts surface
Elon Musk’s remaining staff have open-sourced Twitter. Or, at least, they’ve put some of the code onto GitHub ...

